Paul Ryskin\ said:
How I can set permission from command prompt for:
1. Create, modify, delete any file in dir.
2. Deny create subdir.
I couldn't work it out using xcacls, but I finally got some results using
SetACL -
http://setacl.sourceforge.net. I've assumed you've already
prevented the target folder from inheriting permissions. The specified
user will be able to create, modify and delete any files in the target
folder, but will not be able to delete the target folder, any subfolders
or create subfolders.
Surely there's an easier way:-
@echo off & setlocal ENABLEEXTENSIONS
:: user account
set user="domain\user"
:: folder on which to set perms
set on="d:\data\users\user"
:: SetACL options
set "ot=file"
set "actn=ace"
:: regular perms
set "rp=read_ex,"
set "rp=%rp%list_folder,"
set "rp=%rp%read"
:: special perms
set "sp=traverse,"
set "sp=%sp%list_dir,"
set "sp=%sp%read_attr,"
set "sp=%sp%read_ea,"
set "sp=%sp%add_file,"
set "sp=%sp%write_attr,"
set "sp=%sp%write_ea,"
set "sp=%sp%delete,"
set "sp=%sp%read_dacl"
:: deny perms
set "dp=add_subdir,"
set "dp=%dp%delete"
:: build the SetACL commandline
set ace=n:%user%;
set "cmd=setacl -on %on% -ot %ot% -actn %actn%"
set "cmd=%cmd% -ace n:%user%;p:%rp%;m:set;w:dacl"
set "cmd=%cmd% -ace n:%user%;p:%sp%;m:grant;w:dacl"
set "cmd=%cmd% -ace n:%user%;p:%dp%;i:sc,np;m:deny;w:dacl"
:: run the command
%cmd%
